General Topics
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
We are conducting regularly scheduled maintenance over the weekend, which could cause some downtime on LIVEcommunity. We apologize for any inconvenience.
General Topics

Discussions

Thank You for Filling Out the LIVEcommunity Experience Survey!

If you've visited LIVEcommunity anytime recently, you've probably seen a pop-up asking for your feedback. We've deployed this survey since April 2020 for new and returning visitors alike as a way to gather feedback from our users. 

 

In the past six

...

survey-livecommunity.png
jforsythe by Community Team Member
  • 637 Views
  • 1 replies
  • 4 Likes

SSH proxy presents two different keys seemingly randomly

Has anyone ever seen the Palo Alto present multiple different SSH keys to the clients?

I'm testing SSH proxy and it seems that the palo alto vacillates between two different keys that it presents to clients.

This won't work because the scripted applica

...

bfperez by L1 Bithead
  • 452 Views
  • 0 replies
  • 0 Likes

cluster question

Hi,

Device1 Active

Device2 Passive

When a failover happens...it takes about 7-8 timeouts(45 second) : device1 passive device2 active

When a failover happens again  it takes about 1 timeout(good time):  device1 active  device2 passive

Any ideas ?

Thanks.

panos by L6 Presenter
  • 731 Views
  • 3 replies
  • 0 Likes

SYSTEM ALERT: Version 5.0.5

Hi All,

After upgrading to version 5.0.5 i have a strange thing....

---

severity: high

opaque: HA Group 1: Peer version of 5.0.5 not compatible with the HA2 keep-alive setting; disabling HA2 keep-alive

---

severity: critical

opaque: HA Group 1: All HA1 conn

...

Oleksandr by L3 Networker
  • 1378 Views
  • 9 replies
  • 0 Likes

Resolved! M-100 Panorama Mode Collectors in HA

Probably an obvious question but the documentation doesn't seem to reference this directly...

If I have 2 x M-100s in HA, by default they are in a state where the primary is listed within the "Managed Collectors".  From what I understand the logs are

...

dmeier2 by Not applicable
  • 1461 Views
  • 2 replies
  • 0 Likes

Resolved! Global Protect with Active Directory Accounts

Hello all,

I have what might be a simple question. I want to authenticate to Global Protect SSL-VPN using my current Active Directory users. Do I need to have the User ID software installed on a domain server to do this? If thats needed for LDAP can o

...

jnunham by Not applicable
  • 1297 Views
  • 5 replies
  • 0 Likes

Resolved! Bi-directional NAT is still requiring a /32 static route

I have two VPN tunnels established with a vendor.  1 is in San Digeo and 1 is in Las Vegas.  The subnet in SD uses 10.220.1.0/24 and LV uses 10.220.2.0/24.  With both tunnels they want me to NAT my IP of 172.16.1.235 to 10.200.249.30.  I have a NAT s

...

nthen by L3 Networker
  • 1398 Views
  • 4 replies
  • 0 Likes

Resolved! HA PORT CONFIGURATION IN 4.1.12?

Hello world,

I have done an upgrade of PA2050 cluster in 4.0.9 to 4.1.12. In 4.0.9 the link speed and duplex for HA PORT was forced.

after the uprade in 4.1.12 I lost a lot of packet and when I tried to do a commit I had an error message.

Commit failed

...

alle by L3 Networker
  • 1248 Views
  • 2 replies
  • 0 Likes

Communication within different Trust Zones

Hi,

I am working with PAN-500 3.0.9.

I have configured 2 trust zones and 2 untrusted zones.

l3-trust IP 192.168.0.254/22; l3-untrust 200.78.x.x

l3-trust2 IP 192.168.10.254/24; l3-untrust 201.161.x.x

I need that users from l3-trust get access to servers lo

...

Resolved! Block but don't log

Is there a way to block some vulnerabilities or spyware without logging them? For instance I would like to block all the Microsoft SQL Server Stack Overflow Vulnerability but I am tired of them skewing some of our charts and stats. it looks like I ca

...

jmayne by Not applicable
  • 981 Views
  • 3 replies
  • 0 Likes

Resolved! LDAP - Group Mapping with Child Domain users

Hi all,

We'd like to use an Active Directory group in our root domain (e.g. "company.com") to control GlobalProtect authentications. Let's name this AD group "VPN Access" (it's a "Universal" Security Group). It contains user objects from the root doma

...

oschuler by L4 Transporter
  • 3242 Views
  • 2 replies
  • 0 Likes

NAT rule for IPSEC VPN using NAT-T

I'm running PANOS 4.0.13 and I've enabled NAT-T via the command line.  I'm having trouble getting traffic to pass and I assume it must be my NAT policy.

1. I set a destination NAT as the vendor will be the initiator.  The NAT is defined like this:

srcz

...

iguarino by L0 Member
  • 1122 Views
  • 2 replies
  • 0 Likes

Resolved! PAN-OS 5.0.5 :Commit failed

Hello,

I have upgrade my firewall from 5.0.1 to 5.0.5 successfully.

But when I am trying to commit. It is giving below error.

Operation

Commit

Result

Failed


Details vsys -> vsys1 -> global-protect -> global-protect-portal -> portal-tunnel -> client-confi

...

u22443 by Not applicable
  • 1050 Views
  • 3 replies
  • 0 Likes

Resolved! Question Regarding Reporting

Hi All!

I'm responsible for Security Analysis at a Telecommunications company up in New England. We've recently deployed Palo Alto firewalls to all sites, and I am currently going through PDF Reports manually while we get Splunk installed.

One thing th

...

Resolved! FQDN vs NetBIOS Domain Name

Hi,

I have a PA-3020 running agentless user-id. When I examine the traffic log, some user id's are displayed as netbios_domainname\userid and others displayed as FQDN\userid.

ie:

domain\billw

vs.

domain.somewhere.com\billw

Any ideas as to why this happens?

...

charger by L2 Linker
  • 5628 Views
  • 5 replies
  • 1 Likes
Top Solution Authors